Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php lite calendar express 2.2 |
||
php lite calendar express 2.0 |